Halting Problems

An automated threat intelligence aggregator providing a central hub for supply chain attacks and actively exploited vulnerabilities.

SIEM Ingestion Feed docs
Analyses
102
Machine-readable
JSON feed
Hunting
Scripts tracked
102 analyses shown
medium4 signals

Joomlack Page Builder CVE-2026-56290: KEV exploited vulnerability

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload. CISA added it to KEV on 2026-07-07, making it an in-scope exploited-vulnerability coverage item.

Signals
4
Last updated
2026-07-07
Hunting
Has script
#supply-chainenterprise-software
medium3 signals

Langflow Langflow CVE-2026-55255: KEV exploited vulnerability

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. CISA added it to KEV on 2026-07-07, making it an in-scope exploited-vulnerability coverage item.

Signals
3
Last updated
2026-07-07
Hunting
Has script
#supply-chainenterprise-software
medium4 signals

Microsoft SharePoint Server CVE-2026-45659: KEV exploited vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network. CISA added it to KEV on 2026-07-01, making it an in-scope exploited-vulnerability coverage item.

Signals
4
Last updated
2026-07-01
Hunting
Has script
#supply-chainenterprise-software
medium3 signals

SimpleHelp SimpleHelp CVE-2026-48558: KEV exploited vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. CISA added it to KEV on 2026-06-29, making it an in-scope exploited-vulnerability coverage item.

Signals
3
Last updated
2026-06-29
Hunting
Has script
#supply-chainenterprise-software
critical26 signals

pnpm Package-Manager Supply-Chain Advisory Batch

pnpm disclosed a cluster of package-manager vulnerabilities affecting lockfile integrity, Git dependency fetching, repository registry configuration, patch application, and symlink creation; responders should inventory vulnerable pnpm versions and review credential-bearing install paths.

Signals
26
Last updated
2026-06-27
Hunting
Has script
#supply-chainnpm
critical11 signals

@cyclonedx/cdxgen Maven Scanner Command Injection

CycloneDX cdxgen before 12.4.3 could execute shell metacharacters from repository-controlled Maven module paths when scanning attacker-controlled projects, putting developer workstations and CI SBOM runners at risk.

Signals
11
Last updated
2026-06-26
Hunting
Has script
#supply-chainnpm
critical53 signals

Immobiliare Labs Backstage npm Packages Hit by Phantom Gyp

On June 26, 2026, multiple @immobiliarelabs Backstage plugin versions were published to npm with a binding.gyp node-gyp hook and a new 5 MB index.js payload. Treat affected Backstage builds and developer or CI installs as credential exposure until lockfiles, package caches, and downstream audits are clean.

Signals
53
Last updated
2026-06-26
Hunting
Has script
#supply-chainnpm
critical44 signals

Leo Platform npm Miasma / Phantom Gyp Compromise

StepSecurity disclosed a June 24, 2026 Leo Platform npm supply-chain compromise affecting 20 packages published in a three-second burst. Socket and Sonatype then tied three more malicious npm packages to the same Miasma / Mini Shai-Hulud Phantom Gyp tradecraft, extending the incident into a 23-package campaign update.

Signals
44
Last updated
2026-06-25
Hunting
Has script
#supply-chainnpm
critical22 signals

simonecorsi/mawesome GitHub Action Tag Hijack

Mutable refs for simonecorsi/mawesome including latest, v1, v2, and v2.2.0 currently resolve to a composite action that installs Bun and always runs an obfuscated JavaScript payload, exposing GitHub Actions runners that still trust those tags.

Signals
22
Last updated
2026-06-25
Hunting
Has script
#supply-chaingithub actions
critical24 signals

codfish/semantic-release-action GitHub Action Tag Hijack

An attacker force-pushed a malicious composite action into codfish/semantic-release-action and moved fifteen published tags to that commit, exposing GitHub Actions runners that still trusted mutable refs such as v3, v4, and v5.

Signals
24
Last updated
2026-06-24
Hunting
Has script
#supply-chaingithub actions
critical13 signals

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

StepSecurity and JetBrains say 15 malicious JetBrains Marketplace plugins stole AI provider API keys from developers, then a remote kill-switch and marketplace purge removed the listings and banned the publisher accounts.

Signals
13
Last updated
2026-06-19
Hunting
Has script
#supply-chainjetbrains-marketplace
medium20 signals

buffer-utilities: Lazarus Group npm Brandjacking Dropper

Sonatype and JFrog describe buffer-utilities as a malicious npm brandjacking package in a Lazarus Group campaign; the package acts as a dropper that fetches and launches remote payloads.

Signals
20
Last updated
2026-06-18
Hunting
Has script
#supply-chainnpm